Users wishing to remain anonymous or access chat clients blocked in their own country could use Tor Messenger to chat via services like Facebook Chat, Google Talk, Twitter, Yahoo and Internet Relay Chat.

The program does not communicate via what's often called the "dark web", a collection of hidden websites and services, but rather by sending messages across a series of internet relays (or routers) so that their origin cannot be tracked.

These relays are called "bridges".

Bypassing blocks

"They're computers run by volunteers and in a censored area your computer will connect to these," explained Steven Murdoch, a security researcher at University College London who has worked on Tor projects.

"Those services are not publicly listed anywhere - they should not be blocked even if access to the Tor network is blocked."

In addition, messages may be encrypted to provide additional security. This feature is enabled by default, though both parties in a one-to-one chat would have to have off-the-record encryption (OTR) set up.

This requires the two parties to exchange a secret key which is needed to decode the messages they send to each other.

Interest in privacy

"At the end of the day some people really do need privacy and security so this would be important to them," commented Jim Killock, executive director of the Open Rights Group.

He also told the BBC that he imagined the tool, once audited, could be used by whistleblowers, individuals wanting to complain about corruption or sources desiring to speak to journalists anonymously about a story.

"I think it shows the worries people have that chats and other clients are being snooped on," he added.

Dr Murdoch also made the point that while the service was still being tested, it shouldn't be used by those who have serious security concerns.

"It's good for people to experiment with but not if you've got serious security requirements yet," he told the BBC.

Ellison loved the idea of boosting dividends, he joked. That's because he's Oracle's largest individual shareholder. He owns 27% of the company with nearly 1.2 billion shares.

Without missing a beat he quipped:

"You’re not going to get me to come out against increasing the dividend," and he giggled out loud. "I think that’s a hell of an idea, maybe 4% would be good. Start a petition. I’ll be the first to sign!" he laughed some more. "Actually, I have my truck out front. I can pick up my share."

The funny thing is, he probably wouldn't mind a bigger dividend. Ellison rarely sells his Oracle shares and given how much he spends (mansions, private golf courses, a Hawaiian island, jets, cars, the America's Cup ...) he's been known to borrow money to smooth out his cash flow. Last year, he used a fraction of his Oracle stake as collateral to secure a $10 billion personal line of credit.

But when he stopped laughing at the thought of a truckload of cash coming his way, he did answer the question more seriously.

He wants Oracle to have the cash on hand to do a big acquisition when the time is right.

"We use our money for a variety of things. We buy back stock, we pay dividends. We haven’t made any large acquisitions for a while. You know? We’re kind of saving our nickels and dimes. We might do something interesting, one of these days. Not anytime soon. We are singularly focused not on acquisitions but on maturing our cloud business."

The one big acquisition he's not planning on making? EMC. When asked about that he said, " I can tell you, we’re not bidding for EMC."

jueves, 29 de octubre de 2015

The accountant for a U.S. company recently received an e-mail from her chief executive, who was on vacation out of the country, requesting a transfer of funds on a time-sensitive acquisition that required completion by the end of the day. The CEO said a lawyer would contact the accountant to provide further details.

“It was not unusual for me to receive e-mails requesting a transfer of funds,” the accountant later wrote, and when she was contacted by the lawyer via e-mail, she noted the appropriate letter of authorization—including her CEO’s signature over the company’s seal—and followed the instructions to wire more than $737,000 to a bank in China.

The next day, when the CEO happened to call regarding another matter, the accountant mentioned that she had completed the wire transfer the day before. The CEO said he had never sent the e-mail and knew nothing about the alleged acquisition.

The company was the victim of a business e-mail compromise (BEC), a growing financial fraud that is more sophisticated than any similar scam the FBI has seen before and one—in its various forms—that has resulted in actual and attempted losses of more than a billion dollars to businesses worldwide.

How to Avoid Becoming a Victim of a BEC Scam

In October 2013, the Internet Crime Complaint Center (IC3) began receiving complaints from businesses about trusted suppliers requesting wire transfers that ended up in banks overseas—and turned out to be bogus requests. Since then, losses from the business e-mail compromise (BEC) scam have been significant.

“For victims reporting a monetary loss to the IC3, the average individual loss is about $6,000,” said Ellen Oliveto, an FBI analyst assigned to the center. “The average loss to BEC victims is $130,000.” IC3 offers the following tips to businesses to avoid being victimized by the scam (a more detailed list of strategies is available at www.ic3.gov):

- Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com.

- If possible, register all Internet domains that are slightly different than the actual company domain.

- Know the habits of your customers, including the reason, detail, and amount of payments. Beware of any significant changes.

“BEC is a serious threat on a global scale,” said FBI Special Agent Maxwell Marker, who oversees the Bureau’s Transnational Organized Crime–Eastern Hemisphere Section in the Criminal Investigative Division. “It’s a prime example of organized crime groups engaging in large-scale, computer-enabled fraud, and the losses are staggering.”

Since the FBI’s Internet Crime Complaint Center (IC3) began tracking BEC scams in late 2013, it has compiled statistics on more than 7,000 U.S. companies that have been victimized—with total dollar losses exceeding $740 million. That doesn’t include victims outside the U.S. and unreported losses.

The scammers, believed to be members of organized crime groups from Africa, Eastern Europe, and the Middle East, primarily target businesses that work with foreign suppliers or regularly perform wire transfer payments. The scam succeeds by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques. Businesses of all sizes are targeted, and the fraud is proliferating.

According to IC3, since the beginning of 2015 there has been a 270 percent increase in identified BEC victims. Victim companies have come from all 50 U.S. states and nearly 80 countries abroad. The majority of the fraudulent transfers end up in Chinese banks.

Not long ago, e-mail scams were fairly easy to spot. The Nigerian lottery and other fraud attempts that arrived in personal and business e-mail inboxes were transparent in their amateurism. Now, the scammers’ methods are extremely sophisticated.

“They know how to perpetuate the scam without raising suspicions,” Marker said. “They have excellent tradecraft, and they do their homework. They use language specific to the company they are targeting, along with dollar amounts that lend legitimacy to the fraud. The days of these e-mails having horrible grammar and being easily identified are largely behind us.”

To make matters worse, the criminals often employ malware to infiltrate company networks, gaining access to legitimate e-mail threads about billing and invoices they can use to ensure the suspicions of an accountant or financial officer aren’t raised when a fraudulent wire transfer is requested.

Instead of making a payment to a trusted supplier, the scammers direct payment to their own accounts. Sometimes they succeed at this by switching a trusted bank account number by a single digit. “The criminals have become experts at imitating invoices and accounts,” Marker said. “And when a wire transfer happens,” he added, “the window of time to identify the fraud and recover the funds before they are moved out of reach is extremely short.”

In the case mentioned above—reported to the IC3 in June—after the accountant spoke to her CEO on the phone, she immediately reviewed the e-mail thread. “I noticed the first e-mail I received from the CEO was missing one letter; instead of .com, it read .co.” On closer inspection, the attachment provided by the “lawyer” revealed that the CEO’s signature was forged and the company seal appeared to be cut and pasted from the company’s public website. Further assisting the perpetrators, the website also listed the company’s executive officers and their e-mail addresses and identified specific global media events the CEO would attend during the calendar year.

The FBI’s Criminal, Cyber, and International Operations Divisions are coordinating efforts to identify and dismantle BEC criminal groups. “We are applying all our investigative techniques to the threat,” Marker said, “including forensic accounting, human source and undercover operations, and cyber aspects such as tracking IP addresses and analyzing the malware used to carry out network intrusions. We are working with our foreign partners as well, who are seeing the same issues.” He stressed that companies should make themselves aware of the BEC threat and take measures to avoid becoming victims (see sidebar).

If your company has been victimized by a BEC scam, it is important to act quickly. Contact your financial institution immediately and request that they contact the financial institution where the fraudulent transfer was sent. Next, call the FBI, and also file a complaint—regardless of dollar loss—with the IC3.

“The FBI takes the BEC threat very seriously,” Marker said, “and we are working with our law enforcement partners around the world to identify these criminals and bring them to justice.”

OpenWorld 2015 with Introduction of New Oracle Cloud Services and Ease-of-Use Advances

Press Release

New
capabilities on every layer of Oracle Cloud are designed for lower cost, higher
reliability and performance, always-on security, open standards, and
compatibility with private clouds

Oracle OpenWorld, San
Francisco—Oct 26, 2015

Oracle Executive Chairman and CTO Larry Ellison introduced more than a dozen new Oracle Cloud services and capabilities in the opening keynote presentation at Oracle OpenWorld 2015 in San Francisco’s Moscone Center.

Ellison outlined six design goals for Oracle Cloud: cost, reliability, performance, standards, compatibility, and security. In the transition to cloud computing, Ellison said, businesses are in “the middle of a generational shift in computing that is no less important than our shift to personal computing.” And he demonstrated a new just-in-time learning system that will be available within Oracle’s Software-as-a-Service applications.

·“We went into the SaaS business, and
came to understand that required us to be in the platform business. And we went
into the platform business and came to understand we had to be in the infrastructure-as-a-service
business. That’s how we got to where we are today.”

·“On-premises computing is not going
to vanish. Even if on-premises computing eventually becomes a smaller piece of
the pie than cloud computing, there's going to be a long period of transition.”

·“We're standards-based, and because
we're compatible—our cloud is compatible to what you have on premise—it's very
easy to lift and shift. It's very easy to take workloads you already have,
databases you already have, and move them to the cloud.”

Organizations worldwide are increasingly adopting Oracle Cloud Applications to grow faster, differentiate from competitors and better serve their customers. A complete and fully integrated suite of cloud applications for every function in the enterprise, Oracle Cloud Applications enable organizations across all industries to quickly and easily adopt modern best practices, increase business agility, reduce complexity and costs, and succeed in a digital world.

To deliver the experiences customers expect, attract and retain the talent required to succeed, and achieve the performance that today’s digital economy demands, organizations across all industries need to transform their critical business functions and embrace modern best practices. This transformation requires complete, integrated and modern business applications that provide business users with quick and easy access to social, mobile and analytic capabilities.

“In today’s business environment, there is no room for mistakes and organizations that do not adopt modern best practices across all their critical business functions will struggle to survive,” said Steve Miranda, Executive Vice President of Applications Development, Oracle. “With Oracle Cloud Applications, Oracle provides a comprehensive and integrated suite of modern business applications that increase business agility and reduce costs. As a result, organizations across every industry are increasingly selecting Oracle Cloud Applications to transform the way they do business.”

Oracle
Customer Experience Cloud (Oracle CX Cloud)

Oracle CX Cloud empowers
organizations to improve experiences, enhance loyalty, differentiate their
brands, and drive measurable results across all channels, touchpoints and
interactions. Organizations such as a major African airline company, a global
car manufacturer and multinational manufacturer of consumer and professional
products are using Oracle CX Cloud to deliver consistent and personalized
customer experiences.

Oracle
Human Capital Management Cloud (Oracle HCM Cloud)

Oracle HCM Cloud provides
organizations with modern HR technologies that enable collaboration, optimize
talent management, provide complete workforce insights, increase operational
efficiency, and make it easy for everyone to connect on any device.
Organizations such as a major insurance provider, financial services business
and home manufacturer are using Oracle HCM Cloud to find and retain the best
talent and increase global agility.

Oracle
Cloud Solutions

Oracle provides one of the
industry’s broadest and most complete portfolio of public, private, and managed
cloud offerings to offer customers the choice of deployment model. Oracle Cloud
delivers a broad suite of public cloud services across DaaS, SaaS, PaaS, and
IaaS. Oracle also provides a rich portfolio of products and managed cloud
services to deliver enterprise private clouds.